2014, the year in hacks

Heartbleed – The Heartbleed bug caused chaos and confusion for users and industry professionals alike. It was a major security flaw at ‘the heart of the internet’ that may have exposed users’ personal details and password information. Because the bug was in the SSL software, and therefore in the encryption used by millions of sites, personal information, email and files could be accessed and compromised by hackers. Much of the confusion lay in which sites had been hit by Heartbleed and whether users should change their passwords.

Shellshock – The Shellshock vulnerability emerged just months after the internet recovered from Heartbleed. Shellshock is a flaw in Bash, system software that is a component of Unix-like systems such as Linux and OS X, so it affected Mac users as well as web servers and home networking equipment. The vulnerability meant that hackers would be able to run commands on an affected machine.

iCloud (Apple) – Perhaps the most controversial of the year, the iCloud hacks affected the private accounts of several high-profile figures. Around 500 images of mostly female celebrities were posted on internet forums, and later shared widely across social media channels. The hack was a targeted attack on the iCloud online storage service, with a suspected ring of hackers, traders and sellers believed to have been at the heart of it. Apple claimed that instead of a flaw in the iCloud technology, phishing and brute force attacks were performed on passwords and security questions to obtain the files. Others have suggested that a flaw in the ‘Find my iPhone’ function may have been linked to the breach.

eBay – eBay were hit hard this year, with an enormous security breach for the online selling platform. When eBay emailed users instructing them to change their passwords immediately, it was clear that the company had been the victim of a cyber attack. The attack compromised a database containing encrypted passwords and other data. Initially eBay thought that user data was safe, but later confirmed that personal data belonging to 145 million users was accessed and compromised in the attack. Later in the year, a vicious redirect attack put buyers at risk. When users clicked on certain links on eBay they were diverted to a spoof website that was designed to steal their personal information.

Microsoft – Microsoft announced that a 19-year-old bug had been identified in Windows, affecting Windows software and server builds. The bug was found to date back to Windows 95: a loop in the code that could allow a hacker to gain complete control over a user’s machine. An emergency patch was issued to users to make vital security improvements. Fortunately the vulnerability was detected by IBM and not a hacker, as it has been reported that the bounty on this high-profile bug would have been colossal.

Sony – Definitely one of the most disheartening security threats of the year is the recent attack on Sony Pictures. The hacker group Guardians of Peace (GOP) gained control of Sony’s computer network worldwide and locked employees out of their machines. They took sensitive data, for instance the personal email addresses of executives, and made it available online. Most of the controversy seems to revolve around the upcoming release of the film The Interview. The film’s plot has been deemed unacceptable by North Korea, given that the film features the country’s leader.

The GOP made various demands, including equality for Sony employees and that Sony not release the film. They stated that if their demands were not met, they would reveal the salaries and social security numbers of Sony employees online. At the time of writing, the film’s premiere and release have been cancelled due to terror concerns.